[Openswan Users] One Way Traffic Flow?
Ben Batten
benbatten at gmail.com
Tue Feb 27 12:19:03 EST 2007
All--
I have a curious problem I was hoping somebody could help me out with.
I've got a Linux 2.4.21 (klips) client trying to connect to a Linux
2.6.20 (netkey) IPSec gateway. Both are using Openswan 2.4.7.
Everything works fine to a point; the SA is successfully established but my
routing seems to be somehow busted and I'm just not getting my noodle around
it. I can ping from one side to the other (tcpdump shows the incoming ESP)
but I never get any ICMP replies back in either direction. There's nothing
to speak of errorwise.
HostA starts the connection from within its NATed environment to HostB, who
adds the connection. Here's the topology and conn:

    HostA <----> NAT <---- internet ----> HostB

conn HostA-HostB
    left=HostBpublicIP
    leftnexthop=HostBPublicDefaultGW
    leftsubnet=HostB/32
    leftid=...
    leftca=...
    leftcert=...
    leftrsasigkey=%cert
    right=HostAPrivateIP
    rightid=HostAPublicIP
    rightnexthop=HostAPrivateDefaultGW
    rightca=...
    rightcert=%cert
    rightrsasigkey=...
    rightsubnet=HostA/32

The curious thing is that I can see the IKE traffic going back and forth but
ESP only goes one way. Any thoughts or pointers?
Thanks!
Ben--